Working to get converted from caddy-auth-portal to caddy-security. I have a new docker image and Caddyfile. I am able to go to http://192.168.1.106 and am returned "Client sent an HTTP request to an HTTPS server". Good sign caddy is listening on port 80. When I go to https://192.168.1.106/auth or https://192.168.1.106/portainer I get "This site canโt provide a secure connection". I am not seeing any errors in the logs. Not sure what I am missing.
docker exec -it caddy /bin/sh -c "caddy list-modules -versions | grep security"
security v1.0.13
{
debug
https_port 80
http_port 443
local_certs
security {
credentials smtp.contoso.com {
username foo
password bar
domain contoso.com
}
authentication portal myportal {
cookie lifetime 86400
crypto default token lifetime 3600
crypto key sign-verify <redacted>
backend local /config/caddy/users.json local
ui {
links {
"Portainer" "/portainer" icon "las la-star"
"My Identity" "/auth/whoami" icon "las la-user"
}
}
transform user {
match origin local
action add role authp/user
ui link "Portal Settings" /auth/settings icon "las la-cog"
}
}
authorization policy mypolicy {
set auth url /auth/
crypto key verify <redacted>
allow roles authp/admin authp/user
}
}
}
192.168.1.106, 127.0.0.1, localhost {
route /version* {
respond * "1.0.0" 200
}
route /auth* {
authenticate * with myportal
}
route /xauth* {
authenticate * with myportal
}
route /portainer/* {
authorize with mypolicy
reverse_proxy 192.168.1.106:9000
}
route {
redir https://{hostport}/auth 302
}
}
ARG CADDY_VERSION=2.4.6
FROM caddy:${CADDY_VERSION}-builder AS builder
RUN xcaddy build \
--with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2 \
--with github.com/greenpau/caddy-security \
--with github.com/greenpau/caddy-trace \
--with github.com/porech/caddy-maxmind-geolocation \
--with github.com/caddy-dns/cloudflare \
--with github.com/kirsch33/realip
FROM caddy:${CADDY_VERSION}-alpine
# Timezone
ENV TIMEZONE America/Chicago
# Install timezone data and setup timezone
RUN apk --update add --no-cache --virtual .tz-deps tzdata \
&& cp /usr/share/zoneinfo/${TIMEZONE} /etc/localtime \
&& echo ${TIMEZONE} > /etc/timezone \
&& apk del .tz-deps
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
CMD ["caddy", "docker-proxy"]
{"level":"info","ts":1644499353.9904323,"logger":"http.handlers.authenticator","msg":"validated authenticator","portal_name":"myportal","portal_id":"f375cf79-c7e6-42e6-a02a-a33d07113777","path":"*","id":"e9adc199-52b5-4649-a0b6-14837dd8bd85"}
{"level":"info","ts":1644499353.998644,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
{"level":"debug","ts":1644499353.9987516,"logger":"security","msg":"starting app instance","app":"security"}
{"level":"debug","ts":1644499353.998758,"logger":"security","msg":"started app instance","app":"security"}
{"level":"debug","ts":1644499353.9988534,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":true}
{"level":"debug","ts":1644499353.9989147,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":false}
{"level":"info","ts":1644499353.998918,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["192.168.1.106","127.0.0.1","localhost"]}
{"level":"info","ts":1644499353.9989662,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1644499353.9995062,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"warn","ts":1644499353.999512,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [192.168.1.106]: no OCSP server specified in certificate"}
{"level":"debug","ts":1644499353.9995527,"logger":"tls.cache","msg":"added certificate to cache","subjects":["192.168.1.106"],"expiration":1644541671,"managed":true,"issuer_key":"local","hash":"a616768686a916945332dfc420f5fc7149ea6d967e4ff05979cca3af67dbb1d0","cache_size":1,"cache_capacity":10000}
{"level":"warn","ts":1644499353.999942,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [127.0.0.1]: no OCSP server specified in certificate"}
{"level":"debug","ts":1644499353.9999826,"logger":"tls.cache","msg":"added certificate to cache","subjects":["127.0.0.1"],"expiration":1644541564,"managed":true,"issuer_key":"local","hash":"f6d0146c2e8582b7398d38326853364c47a137adb6a56716ececbc478e31117c","cache_size":2,"cache_capacity":10000}
{"level":"warn","ts":1644499354.000346,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [localhost]: no OCSP server specified in certificate"}
{"level":"debug","ts":1644499354.0003831,"logger":"tls.cache","msg":"added certificate to cache","subjects":["localhost"],"expiration":1644541564,"managed":true,"issuer_key":"local","hash":"d36df32c8163a53370c558c82aa9e7876da1e5b3faa3c1ebf85888810093e3c2","cache_size":3,"cache_capacity":10000}
{"level":"info","ts":1644499354.000548,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1644499354.0006375,"logger":"admin.api","msg":"load complete"}
{"level":"info","ts":1644499354.000823,"logger":"docker-proxy","msg":"Successfully configured","server":"localhost"}
{"level":"info","ts":1644499354.0030348,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}{"level":"info","ts":1644499354.0676877,"logger":"docker-proxy","msg":"Skipping swarm config caddyfiles because swarm is not available"}
{"level":"info","ts":1644499354.0692687,"logger":"docker-proxy","msg":"Skipping swarm services because swarm is not available"}
{"level":"info","ts":1644499384.0679076,"logger":"docker-proxy","msg":"Skipping swarm config caddyfiles because swarm is not available"}